>From: frede...@ofb.net <frede...@ofb.net> >Sent: Saturday, December 17, 2016 1:35 AM >To: users@spamassassin.apache.org >Cc: John Hardin >Subject: Re: recent increase in spam getting through >Here's the sample spam:
> From tfioxmns...@mariupol.us Fri Dec 16 20:30:08 2016 > Return-Path: <tfioxmns...@mariupol.us> > X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on thutmose > X-Spam-Level: *** > X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_50, > HEADER_FROM_DIFFERENT_DOMAINS,HELO_DYNAMIC_IPADDR,HTML_MESSAGE, > MIME_QP_LONG_LINE,RDNS_DYNAMIC,T_REMOTE_IMAGE,T_SPF_HELO_TEMPERROR, > T_SPF_TEMPERROR autolearn=no autolearn_force=no version=3.4.1 > X-Original-To: frede...@ofb.net > Delivered-To: frede...@ofb.net > Received: from host-173-230-94-183.fltapsf.clients.pavlovmedia.com > (host-173-230-94-183.fltapsf.clients.pavlovmedia.com >[173.230.94.183]) > by ofb.net (Postfix) with SMTP id 1CF1D3FFB7 > for <frede...@ofb.net>; Fri, 16 Dec 2016 20:30:07 -0800 (PST) That mail server IP above is on a very high number of RBLs: http://multirbl.valli.org/lookup/173.230.94.183.html The edge MX server 104.197.242.163 must not be doing any MTA checks of RBLs. In my opinion, this is critical to get a successful SA setup. RBLs should block 85 ot 95 percent of spam and let SA score the last few percent. Looks like your setup is having to deal with all of the spam so the target is too large. From my experience It will take too much time to "baby sit" SA and it will look to you like SA is randomly scoring that doesn't make sense. Consider setting up a small EFA server as the edge MTA: https://efa-project.org/ Dave
